Thread: rdr rules with pf

rdr rules with pf
2008-06-13 19:34:16
Hello everyone,

I'm trying to set up jails behind a NAT on my FreeBSD 7.0 box here as I've only got one IP to play with. I'm currently using pf with the following configuration:

ext_if="rl0"
external_addr="x.x.x.x"
internal_net="192.168.222.0/24"

nat on $ext_if from $internal_net to any -> $external_addr

rdr on rl0 proto tcp from any to any port 5223 -> 192.168.222.2
pass in all
pass out all

The jail in question is sitting on 192.168.222.2 and is able to connect out. The only problem I'm having is that the rdr statement doesn't seem to be working. The examples I've been able to find so far encompass only situations in which the box has more than one NIC (see a lot of ext_if and int_if) and I haven't been able to find anything concrete.

The box is also running ipfw, which I suspect may be causing some conflicts... to bypass these, however, I've added rule 1 as "allow ip from any to any".

Can anyone point out my error? I realize that this question is probably asked near constantly and there's probably some link I simply haven't consulted yet, and for that I apologize.

Thanks for your input!

With love,

Margo S.
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"

Re: rdr rules with pf
2008-06-15 18:08:56
On Fri, Jun 13, 2008 at 05:34:16PM -0700, Margo Szathmár wrote:
> I'm trying to set up jails behind a NAT on my FreeBSD 7.0 box here as I've
> only got one IP to play with. I'm currently using pf with the following
> configuration:
> 
> ext_if="rl0"
> external_addr="x.x.x.x"
> internal_net="192.168.222.0/24"
> 
> nat on $ext_if from $internal_net to any -> $external_addr
> 
> rdr on rl0 proto tcp from any to any port 5223 -> 192.168.222.2
> pass in all
> pass out all
> 
> The jail in question is sitting on 192.168.222.2 and is able to connect out.
> The only problem I'm having is that the rdr statement doesn't seem to be
> working.

Try adding "pass" to the rdr rule, e.g.: "rdr pass ..."

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |

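The poster's rule set with the reply's suggestion applied, as an added example (not the poster's own file and not from the reply): the translation is written `rdr pass` so pf passes the redirected connection in the same rule instead of relying on the filter rules to match the rewritten destination, the interface is referenced through the `$ext_if` macro rather than hardcoded, and the original rdr line is left commented out beside it for comparison. The address x.x.x.x is the poster's placeholder for the public IP; `jail_addr` is a macro added here.

```pf
# /etc/pf.conf for a single-NIC host with jails on 192.168.222.0/24
# (added example; macros follow the original post)
ext_if="rl0"
external_addr="x.x.x.x"          # placeholder from the post: the host's public IP
internal_net="192.168.222.0/24"
jail_addr="192.168.222.2"        # added macro: the jail that should receive port 5223

# In this pf syntax (FreeBSD 7.0) translation rules must precede filter rules.
# Outbound NAT for the jails, unchanged from the post.
nat on $ext_if from $internal_net to any -> $external_addr

# Original rule: it only rewrites the destination; whether the rewritten
# packet is let in is still decided by the filter rules below.
#rdr on rl0 proto tcp from any to any port 5223 -> 192.168.222.2

# Suggested form: "rdr pass" redirects and passes the connection in one
# rule, so the filter rules are not consulted for it at all.
rdr pass on $ext_if proto tcp from any to any port 5223 -> $jail_addr

# Filter rules, kept wide open as in the post.
pass in all
pass out all
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; afterwards `pfctl -s nat` lists the loaded translation rules and `pfctl -s state` shows whether an inbound connection to port 5223 created a state entry pointing at 192.168.222.2.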